Knowledge base
Knowledge base
Breadcrumbs

Atlassian Jira



Purpose

This document provides setup information on the Atlassian Jira integration.

Introduction

Jira is a ticketing system which is implemented in both OUTSCAN and HIAB. It can be used in many ways and has different projects to organize the various usages. Tickets (issues) can be created with an assignee who is responsible for getting it done and a reporter who created it. When Jira is enabled, it will be visible as a ticket system, both in Assign Task and Event Notifications. Recently, 

A linked issue can be created between projects or sub-tasks if it is a bigger task. The Jira instance must be running HTTPS.

Configuring OAuth in Jira

This is required only when you use OAuth authentication method for Jira on OUTSCAN/HIAB. To set up, Jira Administrator access is a prerequisite.

To set up OAuth in Jira:  

  1. Login to OUTSCAN/HIAB.

  2. Go to Settings >Integrations and click on the Keys tab. If it has no content, click the Generate new button and copy the public key.

  3. Go to Jira and log in (as administrator).

  4. Go to Jira administration > Applications > Application links.

To set up OAuth using Jira cloud, go to Jira administration > Products > Application links and then proceed according to the instructions.

  1. Enter the url to OUTSCAN or your HIAB and click on Create new link.

The url to OUTSCAN or HIAB must not end with a “/”.

Example:

https://outscan.outpost24.com check mark
https://outscan.outpost24.com/ cross mark

You might get a warning that no response is received, which is fine.


  1. Click Continue.

  2. Now we set up the actual connection:

    1. Application Name: Provide a name for this connection to view in Jira.

    2. Application Type: Generic Application.

  3. Click the Create incoming link checkbox and click on continue.

  4. Fill in the remaining details:

    1. Consumer key: Any text string but maybe a randomly generated one.

    2. Consumer Name: Provide a name. It can be same as application name.

    3. Public Key: Paste the public key that is copied from OUTSCAN/HIAB.

  5. Click on Register Application.

Set Up Jira Integration

Prerequisites

  • HTTPS certificate from the Jira server.

  • The user should have permission to read issues and to create new issues.

  • It is required to have Jira set up to accept sub-tasks and priority fields, these must also be set as required in Jira.

  • It is important that no custom fields are set up to be required, since nor the HIAB or OUTSCAN does provide information fore those fields.

Setting up

To set up Jira:

  1. Download the HTTPS certificate from your Jira server.

  2. Go to Main Menu > Settings > Integrations.

  3. Select the Jira tab.

  4. Fill in the forms in the Integration Settings window for Jira. Depending on the type of authentication chosen, the options vary.

    1. When Basic Auth is selected:

      jira2.jpg

       

Option

Description

Enabled

Select the Enable checkbox to enable Jira. 

URI

Provide the URI of Jira server (only https protocol is supported).

Project Key

Provide the project key from the Jira instance to use.

Issue Type

Jira can be used to track different types of issue. The common Issue types used are Bug, Epic, and Story. 

Finished Status

Mention the status of the Jira issue.

Authentication

Select Basic Auth.

Username

Provide the username to authenticate against Jira server. 

Password

Provide the password to authenticate against Jira server. 

Link old issues

Enable this feature if you want to link old issues. It is useful when you regenerate tickets for similar issue.

When a ticket for a finding already exist in Jira but is closed, a new ticket is created. If the Link old issues check box is selected, the old closed ticket is linked to the new.

Certificate

Upload the SSL certificate of the Jira instance.

Certificate uploaded 

Displays Yes if a certificate has been uploaded and No if there is no certificate available.

Reset (optional)

Click Reset to fully remove the current settings. It disables the integration and it does not have to be done after you have disabled it since you might want to use the same settings again. 


b. When OAuth is selected:

jira1.jpg


Option

Description

Enabled

Select the Enable checkbox to enable Jira. 

URI

Provide the URI of Jira server (only https protocol is supported).

Project Key

Provide the project key from the Jira instance to use.

Issue Type

Jira can be used to track different types of issue. The common Issue types used are Bug, Epic, and Story. 

Finished Status

Mention the status of the Jira issue.

Authentication

Select OAuth.

OAuth Consumer Key

Provide the same ConsumerKey that is set in Jira.             

Link old issues

Enable this feature if you want to link old issues. It is useful when you regenerate tickets for similar issue.

When a ticket for a finding already exist in Jira but is closed, a new ticket is created. If the Link old issues check box is selected, the old closed ticket is linked to the new.

Certificate

Upload the SSL certificate of the Jira instance.

Certificate uploaded 

Displays Yes if a certificate has been uploaded and No if there is no certificate available.

Authenticate

Click on Authenticate to establish the connection. After clicking, it pops up with a link to your Jira.

  1. Open the link (either by clicking it which will open a new tab, or copy pasting it to your browser). If you do not have a valid session for Jira you will be asked to log in.

  2. It should open a page asking you to allow or deny the application (it will show whatever was configured as "Application name" here).

  3. Click Allow.

  4. Go back to OUTSCAN/HIAB  and press ok on the popup with the link.

Reset (optional)

Click Reset to fully remove the current settings. It disables the integration and it does not have to be done after you have disabled it since you might want to use the same settings again. 


  1. Click Save to save the current settings. 

Unless you get any error, the Jira integration is now configured.

Tickets

The user should have permission to read issues and to create new issues.

If you scan a lot of targets, it is recommended to have a separate Jira project for these tickets, since they can easily reach high in numbers. Every new finding can create one or more new tickets in your Jira server.

There is no maintenance needed except synchronizing configuration if you re-configure your Jira in any way. Synchronization between Jira and OUTSCAN/HIAB is periodic.

This may cause up to X minutes delay in the update.

Creating a Ticket

After enabling Jira, use any of the following ways to create a ticket:

Method 1

  1. Go to Main Reporting Tools > Findings.

  2. Right click on any finding, select Assign task.

    Integration04.png


  3. Select Jira in the ticket system drop-down menu.

  4. Click Save to create a ticket.

Method 2

  1. Go to PCI scanning > Reports.

  2. Right click on a finding, select Assign task.

  3. Select Jira in the ticket system drop-down menu.

  4. Click Save to create a ticket.

Method 3

  1. Go to Event Notifications.

  2. Click +New.

  3. Select Jira in the Action drop-down menu.

This action is only available for Finding Information, Low Risk, Medium Risk, and High Risk.

  1. Click Save to create tickets whenever a report is created with findings of the type of the event.